Monday, 20 April 2015

new credit terms / credit card balance malware

new credit terms / credit card balance malware with zip attachment...

Headers:
Subject: credit card balance
Subject: new credit terms

Message body:

Dear client,
We are pleased to inform you that our bank is ready to offer you a bank
loan. We would like to ask you to open the Attachment to this letter and
read the terms.

HSBC

We maintain strict security standards and procedures to prevent
unauthorised access to information about you. HSBC will never contact
you by e-mail or otherwise to ask you to validate personal information
such as your user ID, password, or account numbers. If you receive such
a request, please call our Direct Financial Services hotline.

Please do not reply to this e-mail. Should you wish to contact us,
please send your e-mail to commercialbanking@hsbc.com.hk and we will
respond to you.

Note: it is important that you do not provide your account or credit
card numbers, or convey any confidential information or banking
instructions, in your reply mail.

Copyright. The Hongkong and Shanghai Banking Corporation Limited 2015.
All rights reserved.

Attached to the email is a Zip file (note: the filename is random):

dalia_mas.zip

Inside the Zip file is a Windows executable file (note: the filename is random). Examples:

Blya.exe
Monkey.exe

SHA256 hashes:

d53b2b9716054c9243542943998d93e454252e91d39cf1758e2c49483e440e70 [1]
2c5b22658070ea38c1dccd1a0e52edce2cb86be017b79055d62edfaad49bfd32 [2]

Antivirus reports:

VirusTotal Report: [1] (Detection 3/57)
VirusTotal Report: [2] (Detection 3/57)

Cheers,
Steve
Sanesecurity.com
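
Because both the Zip name and the executable name are random, a mail filter has to key on content rather than filenames. The following is an added example, not part of the original post: a Python triage sketch that flags a message whose Zip attachment carries a file starting with the "MZ" executable magic. The function names, the sample.zip name and the sample messages are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject lines reported in the post (compared case-insensitively).
CAMPAIGN_SUBJECTS = {"credit card balance", "new credit terms"}

def pe_members(zip_bytes):
    """Names of Zip members whose content starts with the 'MZ' DOS/PE magic."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for info in zf.infolist():
                # Skip directories and encrypted members (unreadable without a password).
                if info.is_dir() or info.flag_bits & 0x1:
                    continue
                with zf.open(info) as fh:
                    if fh.read(2) == b"MZ":
                        hits.append(info.filename)
    except zipfile.BadZipFile:
        pass  # truncated or malformed archive: nothing to report here
    return hits

def triage(raw_message):
    """Inspect one raw RFC 5322 message; attachment names are ignored on purpose."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    subject = (msg["Subject"] or "").strip().lower()
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if payload[:4] == b"PK\x03\x04":  # Zip local file header, whatever the name says
            findings.append((part.get_filename(), pe_members(payload)))
    return {"subject_match": subject in CAMPAIGN_SUBJECTS,
            "exe_in_zip": any(members for _, members in findings),
            "attachments": findings}

def build_sample(subject, member_name, member_bytes):
    """Constructed test message with one Zip attachment (harmless bytes only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, member_bytes)
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("Dear client, ...")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="sample.zip")
    return msg.as_bytes()
```

A subject match alone is weak evidence; the executable-in-Zip result is the stronger signal and also holds when the sender changes the subject line.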